Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Linux Phishing Attack Circles Net



 By: David Morgenstern
2004-11-20
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Updated: A fake security bulletin purporting to be from Red Hat resurfaced, warning Linux users of a "critical-critical" security hole.

A bogus security bulletin and "patch" that circulated on the Internet late Friday marked the return of a phishing hoax aimed at Linux users.

The fake security bulletin warned Linux users of a "critical-critical" security hole that could compromise systems and allow root access to a remote attacker. It claimed the vulnerability was found in fileutils, the package of essential system utilities that manipulate files on a system. It warned of problem distributions including Red Hat versions 7.2 through 9.0, and Fedora Core 1 and Core 2 as well as others. However, the warning said BSD and Solaris platforms were unaffected by the vulnerability.

"The security bulletin was sent by an individual with malicious intent and not the Red Hat Security Response Team," said Josh Bressers, team member. "The message instructs the recipient to download and run will install a backdoor Trojan on the victims system."

Resource Library:
"Again, please apply this patch as soon as possible or you risk your system and others to be compromised," the fake bulletin said. It provided a link to a university archive.

However, Bressers said official alerts from Red Hat are always digitally signed to ensure their integrity. And patches will be availble from Red Hat Network to obtain updates and errata.

Still there were plenty of real security updates introduced during the week, as legit warnings were issued for a wide range of vulnerabilities in servers and client applications. On Friday, IBM issued an interim fix for a pair of DoS (denial of service) vulnerabilities affecting its HTTP Server V2.0.

Earlier in the week, Microsoft Corp. re-released its MS04-039 security bulletin to correct some issues affecting customers using ISA Server 2000 Service Pack 1 or Windows 2000 Service Pack 3. And security researchers warned of new bugs in Microsofts Internet Explorer browser on fully patched Windows XP SP2 machines.

In addition, a German security researcher uncovered multiple vulnerabilities in smbfs, the mountable SMB file system for Linux that is essential to Samba.

Finally, the updated Windows version of Skype Technologies SAs Skype VOIP program fixes a bug that could allow a remote attacker to compromise a Skype users computer.

Editors Note: This story was updated to include information and comments from a Red Hat.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Linux Phishing Attack Circles Net
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By David Morgenstern
 


x}v89hN;/.#-9Ķ<Ozw"!m䐔mu;[7]hɗtz'Ή-DU* w~vv IM לٔN]sPçwv$5vv]2I*_ d&@ jہ)}mk uB;;#|6S%߽w ^{j K&OºxgM$lM1 dck`p,FcwO5d{=B ~5;s #%=֥ɏ{ k[޷(z}:XQ=ze膡;? C+Jt/"(?F#&c-4~rwN0/PcwҴdh-vux;2oFVluy! 1#o ݿ!Hͤ޸@d`jId:@",C63!1kkT*R>l[Gݑ[#XsIzVHaSO*!)lpi#j9y` Ol+;){ uȭB ¿{k߀Cݸ1̷L[>'l"Rۄ@ظz00!}%DhOGPuh3 2n eþ=r@)Q_9PE}`[©;֨o>;W*)EsvU !GA mkh[N#ZI;\w{>~jr  N7Rߘ 0Q\&*Jt4M3QA 1qj`rM7Jq߸+ᖃhGZIAvina[E4b™EUdNߒ-~k~>E,3sAV5 ̠tW?#;ˠjqsںy\7=rڽ&IٝN4p3 ZʟZr`Ck'^SQ?&:aZ+jI-C{|&j]}<>$7Yn[gs`HםBm۲ܾ,BZKEkaXY|T͢4-I` o$SNE ;- uvPx۬ MZ!rƒ) u%ϙuW/7>hr ^@e)#8?݇IhJq䨉kYSl؅ R揇o4eO TY嗋mE|*(if);΀/3 BD4?CzC0!pJn.b? [&fuٜ҅%]WeLQcL\zfuEzW^?]{6LqD18,]evb`\on:jAb:??Z o׎r*GFU, FKP̶#ؠe)u{yNNR'})5ٴ>'4}t>'჎$>h&ƋCriYnL,rӇtw4AN{ݧn]=&tfo/*Abχ& ahMi F#m &>vl 8d $(s>w[L,)0( JC=ˋF0P6 = 2/?>aCnH }P(Vr`{)qmNl}h`1 >5g%N\IQo -2)%%E29 EEKy3@ $h-4az.ρmH~ݑvZO[2'9\t{B#\~(̄=*%nqR%e 932YIf=?j1!UG ,D`v9J,L.Y ϴ6jԍe}H*5tDބhd,a戡uy=YI-& # IK8Yfwq=7߄s w00ӊYsƾ s a0'6[9X0N,cBb+H5LôLhD,iocsYlE^\'1nuC\f{aMv"Vv6P0*FSMzB9;m9P.MMUPS7˕L<+׬UPM g2)*[hs<8:[(|3n2>=MJ=""ǰ@7Z`N)^HISНj!D9z٧l)s-[I%7˺ڏRumb$l =Ұ.Z.!d[0^Ԣ(/Q|u$"!lsiŰ,B /0|:Cb&^fthQ mM*`5:m |TM.r_`}dҶ9<:ʚUI,Yvn()z?r fSXS]![!rf>OH) z7HТ0V}2PaBSkjj33-F o+_`׆ K Lc*:tԳtgqu?_ZN îtٔ/hOvpuу=:Le"6X#e{WHZ`"!lX)+%UMh?O~5<2.eX"PY.=mQ\v)'9Yw$ Fizz2Y4p}r)©5j1|j0!B,#ןũ0vQԼ;(< 1cXh[pYbA& >FkdB _O;$!W6:%E>5ᝉ 1ǁdo+:!#Hu~HLb4> \Rbr>+j*W$T6pn)5tn*FviMym"P8+%$'uX6 =j|t~h322 YӅVJjBqrhU-WjsU|}8]et5MQpL:k}SWAWӪPYنHB&:dHCtݣk;J8Kj-f1Z5{AiM|ٌo!yUq@WIeĦ 24Z,Zd'W'W6>3}&mnf]D{mx< pb3HNQ͕G9X)UlqomA؋W%7<@j1e+4ctBvjZ9o ɘBb+>aJLӳ) lkLk?yWJe=McX< DV;I9dYa:9Afp(,;% k׌@X'-vgfL)FGӐBD]Vڲ ʊt谙DClУA$7v)PܘEwDF$۝>SR!oe(5uRV*X\5 VN 3FYˡYF 3_6^y" ς2JS->GIպi2RZVRj<*J9MLtM J lKqXCKkL9 -2j=sP9( Kd%3E8@X"u.[ɇݏ-s|a\dzLR(ɢ]2tܮcoVt0lg~hy# 4Qn߽p.;K'5?nvD;m)^{%o= rD.5;/Y"FB99o7S|OM1k0fhRb 1fF<$FD!B2.V3 /s>\zF_kj,6Eψa6Z4)Ί#s}uYLPH:XhaHHR ~tDӻ:o~gun/l D78C*QW"2Eh%iA%'&g <@&9FhDu~iG\E,}+)Fy*}y:}_exD+%BY3gI'=#$$y ?9/wbdBr 7{KAZd~j_eԉ9%2 \H?m[ħ{+ /䎑F=:d[=LTP6'in&. 6t[b)-Nxsؠ#%tBU[#QᛷG 6n2'|2JO$hבּ~QOtGov/zF]Y F=f/ݷ?~vcW};Ǎ>--8tǠ^CzҀI1&ZQVPWdU)I=Y)ǛG8Lb`@L6#Oځ{-3(#F-߸_2{K=7Kx=W"'LwUG%uB6{ZeeQJW=(qM@j%%y(IQ)"{"F%{twoo14m*z>-3'Km;w7w6BfP AV1a3 }k՛3.B)@(4T8hl?|nwcJljl 41Qhy]٦h "a' zYOC,' _?%IFܱSo-*_1;hTŗ̈́3W7Op&5;V)&5ŗ./4y˭(L JP »/Vxe[bw[8| vtj9J;~Nːu9:X**e1L@gx="6'O/dKMӶ5ƴsxڝCr6Cv﻾$fv-q[n6^ҥpv5Q0?E )bZ}:p~h'``=0+u:of1 ݲv9|'Cq$ܩeX1rǢA$ELjkDb!:K32lNaBb75=f}ex t9mNS6|p,uYDd?3Ԏm s&njUXR1f}]tR~5ٚ/\tALt+Y%!*,(Lbi.jm|p OnIƈ)ʄ^$v:$۞ގS + U zjbOc LB6(AsIRyebnH\Ub)mF2p1ߢI6~$=lhI'Њb '@/R%S>py#?b[Ho2%]=$LG\sv͒=ܬ̓tlSOq G^YE:,@|&j5Yh1%-#t zb&A'Y Q@$#+_" =*^{`wUn FH*鳁98kY`ܣX gH͡; n/~I-9V/EGH Ʒr{,x,}f:.gXfS/Xl1ԯgx--&O&T6Kq!ީ!` "vJ E PSp`93啭;DK$̽$wx Я^P T4WÔ~~~~~n1Ur'=$,![B5EYٸk;qa2! D #46=F{S\ݕ1 71מaR*PWBR1}cH\)6pHx9`r!}}=-b¶7%ԑPc37\gp]b{j'r#(rG_y}cnІH. ),sFTUH\Cd5|"H5֕WpJW+5 GtNc$|9+XWn D#!XS=}}ݾέ[* r՚yrD%R| ʿ z&u<\ϜyE L6 qT;6۬7olKvj}m:'o3${A۴Vx{7iq`Wul:]/ӆՓy0m}m-6bVԽK敲,f -__t'-.`D6ꅠdehh֒+N&8Ǧp4SqD穁ҶX &%=5.n Νko(j#:Zz_ڋKۨ_x *+`;≫@{6IS͏GP ђ,Ñ@u}sTQLjK"98 e{ܥ>~Ges9gG3~i=T⯠œjggƖ`j,$tIz iX@dO/ :â="Lamdߣ7-Y (oNpowSoc䭼Sd?߿߉o!?XSC ߉>I8OXD2EB~7BlU3N:@[ ٵ/=cf|#,bDݵg Z-#7}K[ŲKp=AYê)"(lwhF-"6,A\ۦ(B7UUNs%J({ô RcWF%3z J 0;AX^qT3&Ii4#uT[&^! R(B3VGBA8AXJo,"%vEap`8wQ%ϤPFpxIYL˃S^B=sf41%!]q>ƘKjtaVUՒRR,w9[dLox?B鞐ք1jx*B '9-S5J_RUBI mϏ=H3r3#m@Ə/=Gmc/mLtcZ8Ow| e -JfHu%-PI86cl3@`m4,\ >BπTa>A4`}*lZ%<`3}TϑVRjR;"=М|}yjMSZm_ܧF(+-Jc|kup֘OƷ3P}ӂ"Z{2ֱ:semTd0o='MBz5)zd HOχ`e飏ji+K M ;R8@N cˡWq\o7Z$ɡveA.,e| im"xo/e5!¯I{u >:bәS!-:u_ai;t]kt 3>нg3B;w^?jsAs ʒNi ͬͱ-j5%Fd]F Rd33KҠ+pSMC7RyVmIz .kx>ad݋R4}Af^hTJӑu /Ca|$wzB̥7b?= nθ8ǃ""a=X *>ndeH!H]YҙHB0\Ǎ6K윓M﷯{a/!摹;C}m!7gS]܎ h,4B.~ 'lI=0W l9:,WwкlŧtS#ᘭ#!+%A HS=*|k7/{ʁRTHe t083*%ӊF2*mws?^I79m[)45uG>u;WLQXj*!b3wȧ99gqzJ8,@d)(bU 7T,G,(ϏB5RSJH0^ofQ) '.X`,2E<ezY<>we~t:&Z!&n5KfltQQ({b8+M u?؃3,ȏ*nN QcRBG<_D ka]M,#>0(-ŌCZUѓȤ)t!dW`ǪZNWt x5nV?M.4W PRx  V #vFCT(^GL€،\ݹXh4?5iv>N;WNϻ7x Zѷh+lԭsm}>^}>\;Ba&hL湾,Ǜ,# rzټh3;eFq(M1BWMS(xe3ʋ KNi21Sl۽O N|vuI:jc[N^^[+!P/T9izmn¸~(hO1u{It/ۅFdRZ9yN(S S~ O͜.wsʑ[@V;O֗}Ns>?BgB㬳*4:r_'\C;9+4>r?C<>v/ry9\"?/?/re2OP) r)r˜̑K˜B9.n~+S:z/??}OP)'ߧ@M^9M@79_zyʛ9rּ…)rq/ 苼UrXB]@y>(P/ntsث:WJsz9^}NNF&/n+]a_[k /YSݲIլ 6 eIbAR-cLSS;N!=*%.n ۍMxL|uӚ޴{v<2k]Օ/#BAfПb 5I?&OtVfw 4;) vbi3q*K7ýEy2W8 0׀*150ŸeR 7㌰6N3{uCחU}=tfz}yXW4KeBghXc$+"79<R9Gq`F]S[tC=ӯ.{4"u`- 7J}MW[TJ7>{DD*&Q5YUdF*j堼_,)g^9Q(Fuo*K0njE=u̐ga0V1;BDO"Чc /v̺2beL=jf2EaSOp^Wv" $` pLB Pcgq =u] YIR,XA0b{I2hؐMXKlɜ]k'b"'mg&L͡; ,O~f+gM ĪG9Шsbx x-/WꞠW KgDr&ߢ)tφ  U/AD[e"fx xiPk`Vϙer-c6O-5U,%wB;P@5Ī"9<;${'F( {}> 8luy9"黰nT`a\m8NIѣmtEigFx{jIb&f\c)g/1 Ӯg[Li$GD{=4&FsoErl9GUZQ8ۈqef~A^D|݆e/ZB. S@e8>cc>m=]wrl#kvܙ%2H_x*$""H "s{B|%؄ B:ɄdX.N`'}ס)e4`,< bsފaCն+2}jSo:h}r;W3ܪQG4 (TǨz >IϐR1nsM0A}F垓gg_5b Gy&3@p6+Bqb<#归u\J_T~3)R\wц|7(6؋|%O' ܷ0)n93D:9Am'{;*lٹ ˜2J1Д8ٶ2#OA#r Oe[ O"OC24a (zc<9znG}L޴ѝ1$+nvGT g7>5'ك|2p6g!(ْ0ϋz >@/7A{J B ϱɮx*3@WD0;"6i}.KE&(Xp\'AΙَj3;:[r,c<[_Eڵyf#%SWJP'ɬq7V0Y c/1+$~Il=fҶ\)Vcʥ.Sܟ?B[a҃fFHwX (K# Lwn}9N]RjãōGXǸ[ [) Iy>p <Щ0 Jʶ)E=b농\Qm`-xa[An`Pm+Ѝ5O1igNbkc/χŀ{̾^f#9uVUtg)C2^#s!?"LnH2m^*?҂g' Q\F$30(y lm5G0X1+ (R9(t>0 'Ɣ ϰ"- s+׶9),כ .^3Ơ`{ej x ؚտHR#zi|Ð!goh=5gnBO\&DWK5FYS3 {߂ Tj}XXC`*F"e31C7Dn0BrH d[\O_مuv3\j/YH~1 <99.@OI"c؛bg_yfOȅ^`\YG7X]t1Nꇿe_:m^t?J{`gg񳣤FK;zvQKeS!V7v6̈́ В]&ŮMvbec%uP)